- Revision
- 116527
- Author
- [email protected]
- Date
- 2012-05-09 08:37:33 -0700 (Wed, 09 May 2012)
Log Message
Crash in WebCore::RenderBoxModelObject::paddingLeft
https://bugs.webkit.org/show_bug.cgi?id=83889
Patch by Takashi Sakamoto <[email protected]> on 2012-05-09
Reviewed by Abhishek Arya.
Source/WebCore:
RenderScrollbar creates RenderScrollbarPart without any parent
renderers. However, if the scrollbar has percent padding styles,
non-null parent renderer is required. So after creating/destroying
RenderScrollbarPart instances, set owningRenderer(creating)/0
(destroying) as its parent renderer.
Test: scrollbars/scrollbar-percent-padding-crash.html
scrollbars/scrollbar-percent-padding-crash-expected.txt
* rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::updateScrollbarPart):
Added setParent after creating/destroying RenderScrollbarPart.
* rendering/RenderScrollbarPart.cpp:
Made RenderScollbar friend, because setParent is protected and
RenderScrollbar is not inherited from class RenderObject.
LayoutTests:
As just invoking layoutTestController.display() invokes scrollbar's
WebCore::RenderScrollbarPart::paintIntoRect(), adding display() after
invoking layoutTestController.dumpAsText().
* scrollbars/scrollbar-percent-padding-crash.html: Added.
* scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (116526 => 116527)
--- trunk/LayoutTests/ChangeLog 2012-05-09 15:28:01 UTC (rev 116526)
+++ trunk/LayoutTests/ChangeLog 2012-05-09 15:37:33 UTC (rev 116527)
@@ -1,3 +1,17 @@
+2012-05-09 Takashi Sakamoto <[email protected]>
+
+ Crash in WebCore::RenderBoxModelObject::paddingLeft
+ https://bugs.webkit.org/show_bug.cgi?id=83889
+
+ Reviewed by Abhishek Arya.
+
+ As just invoking layoutTestController.display() invokes scrollbar's
+ WebCore::RenderScrollbarPart::paintIntoRect(), adding display() after
+ invoking layoutTestController.dumpAsText().
+
+ * scrollbars/scrollbar-percent-padding-crash.html: Added.
+ * scrollbars/scrollbar-percent-padding-crash-expected.txt: Added.
+
2012-05-09 Antti Koivisto <[email protected]>
Skip failing test http/tests/loading/post-in-iframe-with-back-navigation.html.
Added: trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash-expected.txt (0 => 116527)
--- trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash-expected.txt 2012-05-09 15:37:33 UTC (rev 116527)
@@ -0,0 +1,3 @@
+Test for bug 83889: This tests that there is no crash when using percentage value for scrollbar's padding property. On success you should see a frame with scrollbars and one PASS message in it.
+
+
Added: trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash.html (0 => 116527)
--- trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash.html (rev 0)
+++ trunk/LayoutTests/scrollbars/scrollbar-percent-padding-crash.html 2012-05-09 15:37:33 UTC (rev 116527)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+::-webkit-scrollbar {
+ -webkit-padding-start: 1%; background: #666 -webkit-gradient(linear, left top, right top, from(rgba(255,255,255,0.5)), color-stop(0.5, rgba(255,255,255,0.1)), color-stop(0.5, rgba(0,0,0,0)), to(rgba(0,0,0,0.01)));
+}
+</style>
+<script>
+function runTest() {
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ document.body.offsetTop;
+ layoutTestController.display();
+ }
+};
+</script>
+</head>
+<body _onload_="runTest()">
+<p>Test for <a href="" 83889</a>:
+This tests that there is no crash when using percentage value for scrollbar's padding property. On success you should see a frame with scrollbars and one PASS message in it.
+<div style="height: 1000px;"></div>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (116526 => 116527)
--- trunk/Source/WebCore/ChangeLog 2012-05-09 15:28:01 UTC (rev 116526)
+++ trunk/Source/WebCore/ChangeLog 2012-05-09 15:37:33 UTC (rev 116527)
@@ -1,5 +1,28 @@
2012-05-09 Takashi Sakamoto <[email protected]>
+ Crash in WebCore::RenderBoxModelObject::paddingLeft
+ https://bugs.webkit.org/show_bug.cgi?id=83889
+
+ Reviewed by Abhishek Arya.
+
+ RenderScrollbar creates RenderScrollbarPart without any parent
+ renderers. However, if the scrollbar has percent padding styles,
+ non-null parent renderer is required. So after creating/destroying
+ RenderScrollbarPart instances, set owningRenderer(creating)/0
+ (destroying) as its parent renderer.
+
+ Test: scrollbars/scrollbar-percent-padding-crash.html
+ scrollbars/scrollbar-percent-padding-crash-expected.txt
+
+ * rendering/RenderScrollbar.cpp:
+ (WebCore::RenderScrollbar::updateScrollbarPart):
+ Added setParent after creating/destroying RenderScrollbarPart.
+ * rendering/RenderScrollbarPart.cpp:
+ Made RenderScollbar friend, because setParent is protected and
+ RenderScrollbar is not inherited from class RenderObject.
+
+2012-05-09 Takashi Sakamoto <[email protected]>
+
ShadowRoot needs applyAuthorStyles
https://bugs.webkit.org/show_bug.cgi?id=78472
Modified: trunk/Source/WebCore/rendering/RenderScrollbar.cpp (116526 => 116527)
--- trunk/Source/WebCore/rendering/RenderScrollbar.cpp 2012-05-09 15:28:01 UTC (rev 116526)
+++ trunk/Source/WebCore/rendering/RenderScrollbar.cpp 2012-05-09 15:37:33 UTC (rev 116527)
@@ -270,9 +270,11 @@
RenderScrollbarPart* partRenderer = m_parts.get(partType);
if (!partRenderer && needRenderer) {
partRenderer = new (owningRenderer()->renderArena()) RenderScrollbarPart(owningRenderer()->document(), this, partType);
+ partRenderer->setParent(owningRenderer());
m_parts.set(partType, partRenderer);
} else if (partRenderer && !needRenderer) {
m_parts.remove(partType);
+ partRenderer->setParent(0);
partRenderer->destroy();
partRenderer = 0;
}
Modified: trunk/Source/WebCore/rendering/RenderScrollbarPart.h (116526 => 116527)
--- trunk/Source/WebCore/rendering/RenderScrollbarPart.h 2012-05-09 15:28:01 UTC (rev 116526)
+++ trunk/Source/WebCore/rendering/RenderScrollbarPart.h 2012-05-09 15:37:33 UTC (rev 116527)
@@ -35,6 +35,8 @@
class RenderScrollbarPart : public RenderBlock {
public:
+ friend class RenderScrollbar;
+
RenderScrollbarPart(Node*, RenderScrollbar* = 0, ScrollbarPart = NoPart);
virtual ~RenderScrollbarPart();
